Data protection and security information
Our company attaches particular importance to data protection. In principle,
you can use our website without providing personal data. However, if a data
subject wishes to avail of particular services provided by our company
online, processing of personal data may be required. If processing of
personal data is required and there is no legal basis for such processing,
we generally obtain the consent of the data subject.
Processing of
personal data, in particular a data subject’s name, address, email address
or telephone number, is always carried out in accordance with the EU General
Data Protection Regulation (GDPR), the Federal Data Protection Act
(Bundesdatenschutzgesetz; BDSG) and other applicable laws. Through this data
privacy statement, our company would like to provide information about the
nature, scope and purpose of the personal data we process and highlight to
data subjects the rights granted to them.
(1) Definitions
Our company’s privacy policy is based
on the GDPR. Our data privacy statement should be easy to read and
understand. Below we explain some of the most relevant terms to ensure that
this is the case:
(1.1) Personal data
Personal data means any information
relating to an identified or identifiable natural person (hereinafter “data
subject”); an identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as
a name, an identification number, location data, an online identifier, or to
one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person
(Article 4 (1) GDPR).
(1.2) Data subject
A data subject is any identified or
identifiable natural person, whose personal data is processed by the
controller responsible for the processing.
(1.3) Processing
Processing means any operation or set
of operations which is performed on personal data, whether or not by
automated means, such as collection, recording, organisation, structuring,
storage, adaptation or alteration, retrieval, consultation, use, disclosure
by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.
(1.4) Restriction of processing
Restriction of
processing means the marking of stored personal data with the aim of
limiting its processing in the future.
(1.5) Profiling
Profiling means any form of automated
processing of personal data consisting of the use of personal data to
evaluate certain personal aspects relating to a natural person, in
particular to analyse or predict aspects concerning that natural person's
performance at work, economic situation, health, personal preferences,
interests, reliability, behaviour, location or movements.
(1.6) Pseudonymisation
Pseudonymisation is the
processing of personal data in such a manner that the personal data can no
longer be attributed to a specific data subject without the use of
additional information. Such additional information is kept separately and
is subject to technical and organisational measures to ensure that the
personal data is not attributed to an identified or identifiable natural
person.
(1.7) Controller or party responsible for processing
Controller or party responsible for the processing means the natural or
legal person, public authority, agency or other body who/which, alone or
jointly with others, determines the purposes and means of the processing of
personal data.
(1.8) Processor
Processor means a natural or legal
person, public authority, agency or other body, who/which processes personal
data on behalf of the controller.
(1.9) Recipient
Recipient means a natural or legal
person, public authority, agency or another body, to whom/which the personal
data is disclosed, whether a third party or not. However, public authorities
which may receive personal data in the framework of a particular inquiry in
accordance with Union or Member State law shall not be regarded as
recipients.
(1.10) Third party
Third party means a natural or legal
person, public authority, agency or body other than the data subject,
controller, processor, and persons who, under the direct authority of the
controller or processor, are authorised to process personal data.
(1.11) Consent
Consent of the data subject means any
freely given, specific, informed and unambiguous indication of the data
subject's wishes by which they, by a statement or by a clear affirmative
action, signify agreement to the processing of personal data relating to
them.
(2) Name and address of party responsible for processing
(“controller”)
The controller as defined by the GDPR
is:
perma-tec GmbH & Co. KG
Hammelburger Str. 21
97717
Euerdorf | GERMANY
Email: info(at)perma-tec.com
www.perma-tec.com
(3) Contact details of our data protection officer
datenschutz(at)perma-tec.com
Every data
subject can contact our data protection officer directly with any queries or
suggestions that they might have concerning data protection.
(4) General data categories, purpose and legal basis of data
processing
Whenever you use the perma-tec websites,
applications or online tools (hereinafter also referred to as “perma-tec
online service offer”), we process the following personal data:
- Personal data that you voluntarily provide via perma-tec online service
offer (e.g. when registering, contacting us with your queries or
participating in surveys, etc.), including e.g. first/last name, email
address, telephone number, information submitted as part of a support
request, comments or forum posts
- Information that is automatically sent to us by your web browser or
device, such as your IP address, server log files, device type, browser
type, referring site, sites accessed during your visit, the date and
time of each visitor request
We process your personal data for the following purposes:
- To allow you to use the services and functions of perma-tec online
service offer
- To process your request
- To verify your identity and enable user authentication
- To send you marketing information or to contact you in the context of
customer satisfaction surveys as further explained in Clause 4
- To enforce our terms and conditions, to assert or defend legal claims,
and to tackle and prevent fraud or other illegal activities, including
attacks on our IT infrastructure
Processing personal data is required to achieve the specified purposes. In
certain processing contexts, we also process other categories of personal
data. Refer to Clauses 4.1 to 4.4 for more information.
Unless expressly
specified otherwise when collecting personal data, the legal basis for data
processing is as follows:
- Performance and fulfilment of a contract with you pursuant to Article 6
(1) (b) GDPR
- Fulfilment of legal obligations to which perma-tec is subject pursuant
to Article 6 (1) (c) GDPR or
- To safeguard the legitimate interests of perma-tec pursuant to Article 6
(1) (f) GDPR. The legitimate interest of perma-tec lies in the
processing of your personal data for the purpose of this offering and
the operation of perma-tec online service offers
In some cases, we expressly request your consent for the processing of
personal data. In this case, the legal basis for processing personal data is
your declared consent pursuant to Article 6 (1) (a) GDPR.
(4.1) File-sharing portal
When using our file-sharing
portal, the following additional personal data is collected and stored in
addition to the data listed above under Clause 4: logging of accesses
(downloads and uploads). This data is not shared with third parties and is
deleted after six months at the latest.
4.2 perma Online shop
When using our perma Online shop,
the following additional personal data is collected and stored in addition
to the data listed above under Clause 4: ordering history. This data is not
shared with third parties and is deleted following expiration of the legal
retention period.
(4.3) perma SELECT APP, perma CONNECT APP, perma MLP APP and perma
web application
When using our perma SELECT APP, perma MLP
APP and perma MLP web application the following additional personal data is
collected and stored in addition to the data listed above under Clause 4:
results from calculations are saved in PDF format and sent to the specified
email address. This includes the email address and name of author. When
using the perma MLP APP, perma CONNECT APP and perma MLP web application, in
addition to the profile data entered by the user, username and password (in
encrypted form), the uploaded images and names of lubrication points are
also saved. This data is not shared with third parties and is deleted
following expiration of the legal retention period.
(4.4) perma SETBOX
When using our perma SETBOX, during
an update the following additional personal data is collected, forwarded and
stored via email (in the background) to the CRM system used internally at
perma-tec in addition to the data listed above under Clause 4: IP address,
SETBOX ID, name of PC and error messages. This data is not shared with third
parties and is deleted following expiration of the legal retention period.
(4.5) perma ACADEMY, perma eACADEMY
When registering
for the perma ACADEMY, in addition to the data listed above under Clause 4,
information about dietary restrictions for catering is also saved. In order
to use the perma eACADEMY, information about the user’s course
participation, learning status and certificates is forwarded and saved in
addition to the profile data entered by the user. This data is not shared
with third parties and is deleted following expiration of the legal
retention period.
(5) Cookies
This website uses cookies and similar technologies. Cookies are small text
files that are stored on your computer when you visit our website. We use
cookies and similar technologies in order to ensure usage of our online
services, for statistics and for map services.
A so-called “cookie
banner” appears when you visit our website. By clicking on a corresponding
button, you declare your consent to the use of cookies and similar
technologies listed in the table below. You can also make a selection
concerning the cookies and similar technologies used on the site. Your
selection will be stored for future website visits.
You can revoke your
consent at any time via the “Cookie settings” at the bottom of this website,
unchecking the respective boxes and then clicking on “Confirm selection”.
Please note that based on your settings you may experience interruptions or
limited functionality in certain areas of the website. Furthermore,
depending on the browser, it may also be possible to set the browser so that
no cookies or similar technologies can be used.
User consent is required
for the use of certain cookies and similar technologies, depending on their
function and purpose.
No consent is required for cookies and similar
technologies that are essential for the use of our online services or to
safeguard IT security. The setting of these cookies and the use of similar
technologies as well as related processing activities are permitted pursuant
to Article 6 (1) (f) GDPR.
By contrast, consent is required for cookies
and similar technologies used for all other purposes such as statistical
analyses and the integration of map services.
Overview of cookies used on this website:
Designation |
Provider |
Purpose |
Type |
Period of data storage |
cookie_consent_manager |
Tritum |
Banner check |
HTML Local Storage |
90 days |
ccm_statistics |
Tritum |
Banner check |
HTML Local Storage |
90days |
ccm_external_maps |
Tritum |
Banner check: Tracking consent |
HTML Local Storage |
90 days |
More detailed information on the processing of personal data for statistical
evaluations (analysis tools) which takes place when "Statistics" is
activated in the cookie banner can be found under section 14.
More
detailed information on the processing of personal data in connection with
the use of map services when "Maps" is activated in the cookie banner can be
found in section 14.
(6) Contact options on the website
perma-tec collects
and processes personal data of the data subject in order to:
- Fulfil perma-tec obligations when concluding or over the course of a
contractual relationship between perma-tec and the data subject
- Simplify effective communication and the relationship between perma-tec
and the data subject
- Handle queries and other matters in relation to perma-tec products and
services
- Forward customer queries to our sales partners if necessary
- Ensure compliance with legal obligations and enforce contractual
agreements
- Manage the security of perma-tec products, services, intellectual
property and other offerings • Analyse sales data and partner
interaction with perma-tec products and services, in order to improve
the customer experience and the content of these products and services
- Conduct surveys, carry out marketing and communication activities
- The legal basis for the above processing purposes is Article 6 (1) (b,
f) GDPR
(7) Newsletter
The following personal data is collected
when you register for our newsletter: your name and email address. By
subscribing to our newsletter, you permit perma-tec GmbH & Co. KG to
collect, process and save the above-mentioned data. We only use this data to
send the newsletter. In order to optimise our offering, we also evaluate
which links have been clicked in the newsletter in a personalised form. You
also grant us your consent to this processing purpose by registering. You
can revoke your consent to the storage and use of your email address for the
purpose of sending the newsletter at any time with future effect. To do so,
simply click the unsubscribe link at the end of the newsletter or contact us
in this regard.
(8) Processing the personal data of business partners
As part of its cooperation with business partners, perma-tec processes the
personal data of points of contact at customers, suppliers, interested
parties, distribution partners and cooperation partners (hereinafter
“business partners”):
- Contact information such as first/last name, business address, business
phone number, business mobile number, business fax number and business
email address
- Payment data such as details required to process payment transactions or
prevent fraud, including credit card information and card verification
codes
- Additional information whose processing is required to execute a project
or a contractual relationship with perma-tec and which is provided by
business partners on a voluntary basis, e.g. when placing an order,
submitting queries or providing details on projects
- Personal data that is collected from publicly available sources,
information databases or credit agencies
- If legally required for compliance screenings: Date of birth,
identification and ID numbers as well as information about relevant
litigation or other legal proceedings involving business partners
perma-tec processes personal data for the following purposes:
- Communicating with business partners about products, services and
projects, e.g. by responding to queries or requests from business
partners or providing technical information about products
- Planning, performing and managing the contractual relationship between
perma-tec and the business partner, e.g. in order to process product
orders and service requests, process payments, carry out accounting and
billing activities, arrange deliveries, and carry out maintenance
activities and repairs
- Managing/conducting customer surveys, marketing campaigns, market
analyses, sweepstakes, contests, or other promotional activities or
events
- Conducting customer satisfaction surveys and direct marketing activities
as described in more detail in Clause 4
- Maintaining and protecting the security of perma-tec products, services
and websites, preventing and detecting security threats, fraud or other
criminal or malicious activities
- Ensuring compliance with (i) legal requirements (e.g. fiscal and
commercial retention obligations), (ii) existing obligations concerning
performance of compliance screenings (to prevent white-collar or money
laundering crimes) and (iii) perma-tec policies or industry standards
- Solving disputes, enforcing existing contracts and establishing,
exercising and defending legal claims
The processing of personal data is required to achieve the aforementioned
purposes. Unless expressly specified otherwise when collecting personal
data, the legal basis for data processing is as follows:
- Performance and fulfilment of a contract with you pursuant to Article 6
(1) (b) GDPR
- Fulfilment of legal obligations to which perma-tec is subject pursuant
to Article 6 (1) (c) GDPR or
- Safeguarding of perma-tec’s legitimate interests pursuant to Article 6
(1) (f) GDPR The legitimate interest pursued by perma-tec is the
initiation, performance and management of the business relationship.
If you have expressly given your consent to the processing of your personal
data in individual cases, this consent shall be the legal basis for
processing pursuant to Article 6 (1) (a) GDPR.
(9) Recipients of personal data
Those parties within
our company who require your data to fulfil our contractual and legal
obligations will have access to it. Service providers and vicarious agents
working for us may also receive data for such purposes if they undertake to
maintain, in particular, confidentiality and integrity. These include
companies in the following categories: IT services, logistics, print
services, telecommunications, collection, consulting, sales and
marketing.
In terms of sharing data with recipients outside our company,
first and foremost it should be noted that we will only share necessary
personal data, observing all applicable regulations on data protection. In
principle, we may only disclose information about you if this is required by
law, you have given your consent or if we are authorised to provide such
information. Under these conditions, recipients of personal data may
include:
- Public agencies and institutions (e.g. tax authorities, law enforcement
agencies, family courts, deed registries) if there is a statutory or
regulatory obligation to share the data
- Lending and financial service institutions or comparable organisations
with which we share personal data for the purpose of conducting a
business relationship (banks, credit agencies, etc.)
- Other affiliated companies in our group for risk management purposes
based on a statutory or regulatory obligation
- Creditors or bankruptcy trustees that request the data in connection
with foreclosure
- Auditors
- Service providers that we have retained as processors,
- commercial agents of the company
(10) Sending data to third countries
Data is sent to
parties located in countries outside the European Union (third countries) in
cases where
- It is necessary to execute your orders (e.g. delivery orders)
- It is required by law (e.g. reporting duties under tax law) or
- You have given us your consent
In addition, data is sent to parties in third countries in the following
cases:
- Your personal data may be sent to an IT service provider in a third
country in full compliance with European data protection standards if
and as needed in individual cases to maintain the company's IT
operations
- Personal data (e.g. authentication data) is sent to third countries in
individual cases in full conformity with the data protection standards
of the European Union when balancing interests and complying with laws
on combating money laundering, terrorism financing and other illegal
activities
When using social media and IT providers, user data may be transferred and
processed by the provider in the US. Data processing is based on your
explicit consent in the cookie banner. Your declaration of consent justifies
such data processing on an exceptional and case-by-case basis pursuant to
article 49 (1) GDPR. Please note that the level of data protection in the US
may vary from that in the EU and the EEA. In particular, government agencies
may access your personal data on the basis of legal authorisation without
our/your knowledge or consent. Your chances of successfully enforcing your
privacy rights in the USA are not very promising.
Any possible data
transfers take place automatically only in connection with the use of our
social media services (Vimeo, YouTube, LinkedIn and Xing), IT providers and
cookies. For further details, please refer to ‘Recipients of personal data’
(art. 9) and ‘Sending data to third countries (art. 10).
You may revoke
your consent at any time, in which case we would ask you to send an email to
our data protection officer under datenschutz(at)perma-tec.com
and delete all relevant cookies and temporary files in your browser.
(11) Routine deletion and blocking of personal data
The
controller processes and stores personal data of the data subject only for
the period necessary to achieve the purpose of its processing or as far as
this is granted by legislators in laws or regulations to which the processor
is subject. If the storage purpose is not applicable or if a storage period
prescribed by the legislator expires, personal data will be routinely
blocked or deleted in accordance with legal requirements.
(12) Rights of the data subject
(12.1) Right to confirmation
Every data subject shall
have the right to request from the controller confirmation as to whether or
not personal data concerning them is being processed. If a data subject
wishes to exercise this right of confirmation, they can contact our data
protection officer at any time or contact another employee of the
controller.
(12.2) Right of access
Every person affected by the
processing of personal data has the right – free of charge – to obtain
information about the personal data concerning them from the controller and
to receive a copy of this information in addition to the information listed
here:
- The purposes of processing
- The categories of personal data processed
- The recipients or categories of recipients to whom the personal data has
been or will be disclosed, in particular recipients in third countries
or international organisations
- Where possible, the planned period for which the personal data will be
stored or if this is not possible, the criteria used to determine that
period
- The existence of a right to request from the controller the
rectification or erasure of the relevant personal data, or the
restriction of its processing, or to object to such processing
- The existence of a right to file a complaint with a supervisory
authority
- Where the personal data is not collected from the data subject: any
available information as to the source of the data
- The existence of automated decision-making including profiling in
accordance with Article 22 (1 and 4) GDPR and – at least in these cases
– conclusive information about the logic involved as well as the
implications and the intended effects of such processing for the data
subject
Furthermore, the data subject has a right to obtain information as to whether
personal data has been transmitted to a third country or to an international
organisation. Where this is the case, the data subject has the right to be
informed of the appropriate safeguards relating to the transmission of this
data.
If a data subject would like to assert this right of access, they
can send an email to datenschutz(at)perma-tec.com at any time.
(12.3) Right to rectification
Every person affected by
the processing of personal data has the right to request immediate
rectification of inaccurate personal data concerning them. Taking into
account the purposes of the processing, the data subject also has the right
to have incomplete personal data completed, including by means of providing
a supplementary statement.
If a data subject would like to assert this
right to rectification, they can contact our data protection officer at any
time.
(12.4) Right to erasure (right to be forgotten)
Every
person affected by the processing of personal data has the right to request
from the controller the erasure of personal data concerning them without
undue delay, where one of the following reasons applies and as long as the
processing is not necessary:
- Personal data is no longer necessary in relation to the purposes for
which it was collected or otherwise processed
- The data subject revokes their consent on which the processing was based
in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and
there is no other legal basis for the processing
- The data subject files an objection in accordance with Article 21 (1)
GDPR against the processing and there are no overriding legitimate
grounds for the processing, or the data subject files an objection
against the processing in accordance with Article 21 (2) GDPR
- The personal data has been processed illegally
- The personal data must be erased in order to ensure compliance with a
legal obligation in Union or Member State law to which the controller is
subject
- The personal data was obtained in relation to the services offered by
the information society in accordance with Article 8 (1) GDPR
If one of the aforementioned reasons applies and a data subject wishes to
request the erasure of personal data stored by our company, they can contact
our data protection officer at any time. Our data protection officer will
promptly ensure that the erasure request is complied with without undue
delay.
Where our company has made personal data public and if our
company is required in accordance with Article 17 (1) GDPR to erase said
personal data, our company – taking into account the available technology
and the cost of implementation – will take reasonable steps, including
technical measures, to inform other controllers processing such data that
the data subject has requested erasure by such controllers of any links to,
or copies or replications of, the respective personal data, as long as the
processing is not necessary. The data protection officer will arrange the
necessary measures in individual cases.
(12.5) Right to restriction of processing
Every person
affected by the processing of personal data has the right – granted by the
European legislator – to request from the controller the restriction of
processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, that
is for such a period of time that the controller can verify its
correctness
- The processing of personal data is deemed unlawful, the data subject
opposes its erasure and requests instead that its use be restricted
- The controller no longer requires the personal data for the purposes of
processing, but the data subject needs this data for the establishment,
exercise or defence of legal claims
- The data subject has objected to its processing pursuant to Article 21
(1) GDPR pending verification as to whether the legitimate grounds of
the controller override those of the data subject
If one of the aforementioned reasons applies and a data subject wishes to
request the restriction of personal data stored by our company, they can
contact our data protection officer at any time. The data protection officer
will arrange the restriction of processing.
(12.6) Right to data portability
Every person affected
by the processing of personal data has the right to receive the personal
data concerning them, which the data subject has provided to a controller,
in a structured, commonly used and machine-readable format. They also have
the right to provide this data to another controller without hindrance from
the controller, as long as the processing is based on consent in accordance
with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in
accordance with Article 6 (1) (b) GDPR, and the processing is carried out by
automated means, as long as the processing is not necessary for the
performance of a task carried out in the public interest or in the exercise
of official authority vested in the controller.
Furthermore, in
exercising their right to data portability in accordance with Article 20 (1)
GDPR, the data subject is entitled to have the personal data transmitted
directly from one controller to another, where technically feasible, and
provided that this does not infringe upon the rights and freedoms of other
persons.
In order to assert their right to data portability, the data
subject can contact our data protection officer at any time.
(12.7) Right to object Every person affected by the
processing of personal data has the right, for reasons arising
from their particular situation, to file an objection at any
time to the processing of said data, which takes place on the
basis of Article 6 (1) (e or f) GDPR. This also applies to
profiling based on these provisions. Our company will no
longer process personal data if an objection is filed, unless we
can demonstrate compelling legitimate grounds for its
processing, which override the data subject’s interests, rights
and freedoms, or for the establishment, exercise or defence of
legal claims. If our company processes personal data for
direct marketing purposes, the data subject will have the right
to object at any time to the processing of said data for such
marketing. This also applies to profiling to the extent that it
is related to such direct marketing. If the data subject objects
to our processing of personal data for the purposes of direct
advertising, we will no longer process this data for these
purposes. In addition, the data subject has the right, on
grounds relating to their particular situation, to object to the
processing of personal data for scientific or historical
research purposes, or for statistical purposes in accordance
with Article 89 (1) GDPR, unless such processing is necessary
for the performance of a task carried out for reasons of public
interest. In order to assert their right to object, the data
subject can contact our data protection officer directly. |
(12.8) Right to withdraw data protection consent
Every
person affected by the processing of personal data has the right to withdraw
their consent to the processing of personal data at any time. If the data
subject wishes to exercise their right to withdraw consent, they can contact
our data protection officer at any time.
(12.9) Right not to be subject to automated decision-making
Furthermore, you have the right under Article 22 GDPR not to
be subject to fully automated decision-making. In principle, we do not use
fully automated decision-making to establish, implement and terminate the
business relationship. If we decide to use this procedure in individual
cases (e.g. to improve our products and services), we will inform you of
this and of your rights in this regard separately if this is required by
law.
(12.10) Obligation to provide data
In the context of
our business relationship, you must provide such personal contractual data
that is required for the establishment, implementation and termination of a
business relationship, and for the fulfilment of the associated contractual
obligations or for whose collection we are legally obliged. Generally
speaking, we will not be able to conclude, execute or terminate a contract
with you without this data.
The same is true with regard to visiting our
online offering and collecting usage data. We will not be able to provide
you with our online offering without collecting usage data.
(13) Data protection for job applications and application procedures
perma-tec collects and processes the personal data of job
applicants for the purpose of carrying out the application process. This
data is also processed electronically. This is the case in particular when
an applicant submits their application documents to our company
electronically, for example, by email or using a web form contained on the
website. If our company enters into an employment agreement with an
applicant, the data submitted will be stored in compliance with the
applicable legal regulations for the purpose of performing the obligations
under the employment contract. If our company does not conclude an
employment contract with the applicant, the application documents will be
automatically deleted six months after the decision not to hire has been
communicated, unless there are other legitimate interests on the part of the
controller preventing this. Other legitimate interests in this context
means, for example, any obligation to provide substantiating evidence in
proceedings based on the General Non-Discrimination Act (Allgemeines
Gleichbehandlungsgesetz; AGG).
Within the perma group your data are transferred to perma USA and processed
there. The legal basis for the data transfer and data processing is article
49 para.1 (b) GDPR (the transfer is necessary for the performance of a
contract between the data subject and the controller or the implementation
of pre-contractual measures taken at the data subject’s request) and / or
the explicit consent in accordance with article 49 para. 1 (a) (the data
subject has explicitly consented to the proposed transfer). There is no
comparable level of data protection in the USA. Government agencies are
legally authorized to access your personal data without our/your knowledge
or consent. Your chances of successfully enforcing your privacy rights in
the USA are not very promising.
(14) Data protection provisions: tracking tools
Web analytics tool Matomo
a. Scope of processing of
personal data
This website uses the Matomo web analytics tool. This tool
collects and evaluates data about your behaviour on our website. Among other
things, data is collected via which website you accessed our website
(so-called referrer), which subpage of our website you visited or how often
and how long you viewed a subpage.
A cookie (for cookies, see above) is
set in your system to enable analysis of the use of our website. Each time
you access a subpage of our website, your system's internet browser is
prompted by the Matomo component to transmit data to our server for the
purpose of online analysis. As part of this process, we collect your IP
address. After collection, the IP address is shortened by 6 digits and then
used in this form to track your location and clicks. Furthermore, the cookie
is used to store information such as access time, access location and the
number of website visits. This personally identifiable information
(including your IP address) is transmitted to our server in anonymised
form every time you visit our website. It is stored by us and will not
be passed on to third parties. An overview of the cookies used can be found
in the data protection regulations under art. 5.
The software is operated on our own servers, so your data (e.g. log files) is
stored on our servers only and is not passed on to third parties.
b. Legal basis for the processing of personal data
The
legal basis for the processing of your personal data is Art. 6 (1) GDPR
(consent).
c. Purpose of data processing
The web analysis serves
to optimise our website and to improve our web services. The purpose of the
Matomo component is to enable a website traffic analysis. The obtained data
and information helps to evaluate the use of our website. Based on this,
online reports are issued to show the activities on our website.
d. Period of data storage
For information on the period
of data storage, please see art. 5.
As for the rest, your data will be
deleted after a storage period of 90 days.
e. Right to object and deletion option
If you do not
wish your data to be processed as described, you can withhold your
consent when you first access our website. If you have already
declared consent, you can revoke it at any time by unchecking “Statistics”
under /?type=5000.
Alternatively, you can prevent the
setting of cookies via your browser settings and also delete cookies.
Matomo takes into account the "Do-Not-Track" function of your browser. If
you have activated this function, we automatically consider this an
objection to the web analysis by Matomo and do not collect data. In this
case, please note that based on your settings, you may experience
interruptions or limited functionality in certain areas of our website.
Further information and the current privacy policy of Matomo can be found
at: https://matomo.org/privacy-policy/.
(15) Competent data protection supervisory authority
Bavarian Data Protection Authority
Promenade 27 (Schloss)
D-91522
Ansbach
Germany
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981
53 98 1300
Email: poststelle(at)lda.bayern.de
(16) Amendments to the data protection provisions
We
reserve the right to amend our security and data protection provisions if
this is required due to relevant technical developments. In these cases, we
will also amend our data protection information accordingly. Please refer to
the latest version of our data privacy policy.